From d5f3984a7d1425171136ffa60495033b82a0690f Mon Sep 17 00:00:00 2001
From: Christian Weiske <cweiske@cweiske.de>
Date: Tue, 11 Feb 2014 21:04:38 +0100
Subject: [PATCH] use executeAudited instead of prepare+execute

---
 lib/base.php | 80 ++++++++++++++++++++++++++++++----------------------
 1 file changed, 46 insertions(+), 34 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 371efa4..7d01e79 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -40,8 +40,10 @@ abstract class Base extends \OC_User_Backend{
 	 * @return bool
 	 */
 	public function deleteUser($uid) {
-		$query = OC_DB::prepare('DELETE FROM `*PREFIX*users_external` WHERE `uid` = ? AND `backend` = ?');
-		$query->execute(array($uid, $this->backend));
+		OC_DB::executeAudited(
+			'DELETE FROM `*PREFIX*users_external` WHERE `uid` = ? AND `backend` = ?',
+			array($uid, $this->backend)
+		);
 		return true;
 	}
 
@@ -53,9 +55,12 @@ abstract class Base extends \OC_User_Backend{
 	 * @return string display name
 	 */
 	public function getDisplayName($uid) {
-		$query = OC_DB::prepare('SELECT `displayname` FROM `*PREFIX*users_external` WHERE `uid` = ? AND `backend` = ?');
-		$result = $query->execute(array($uid, $this->backend))->fetchAll();
-		$displayName = trim($result[0]['displayname'], ' ');
+		$user = OC_DB::executeAudited(
+			'SELECT `displayname` FROM `*PREFIX*users_external`'
+			. ' WHERE `uid` = ? AND `backend` = ?',
+			array($uid, $this->backend)
+		)->fetchRow();
+		$displayName = trim($user['displayname'], ' ');
 		if (!empty($displayName)) {
 			return $displayName;
 		} else {
@@ -69,15 +74,18 @@ abstract class Base extends \OC_User_Backend{
 	 * @return array with all displayNames (value) and the corresponding uids (key)
 	 */
 	public function getDisplayNames($search = '', $limit = null, $offset = null) {
-		$displayNames = array();
-		$query = OC_DB::prepare(
-			'SELECT `uid`, `displayname` FROM `*PREFIX*users_external`'
-			. ' WHERE (LOWER(`displayname`) LIKE LOWER(?) OR '
-			. 'LOWER(`uid`) LIKE LOWER(?)) AND `backend` = ?',
-			$limit, $offset
+		$result = OC_DB::executeAudited(
+			array(
+				'sql' => 'SELECT `uid`, `displayname` FROM `*PREFIX*users_external`'
+					. ' WHERE (LOWER(`displayname`) LIKE LOWER(?) '
+					. ' OR LOWER(`uid`) LIKE LOWER(?)) AND `backend` = ?',
+				'limit'  => $limit,
+				'offset' => $offset
+			),
+			array($search . '%', $search . '%', $this->backend)
 		);
-		$result = $query->execute(array($search . '%', $search . '%', $this->backend));
-		$users = array();
+
+		$displayNames = array();
 		while ($row = $result->fetchRow()) {
 			$displayNames[$row['uid']] = $row['displayname'];
 		}
@@ -91,11 +99,15 @@ abstract class Base extends \OC_User_Backend{
 	* @return array with all uids
 	*/
 	public function getUsers($search = '', $limit = null, $offset = null) {
-		$query = OC_DB::prepare(
-			'SELECT `uid` FROM `*PREFIX*users_external` WHERE LOWER(`uid`) LIKE LOWER(?) AND `backend` = ?',
-			$limit, $offset
+		$result = OC_DB::executeAudited(
+			array(
+				'sql' => 'SELECT `uid` FROM `*PREFIX*users_external`'
+					. ' WHERE LOWER(`uid`) LIKE LOWER(?) AND `backend` = ?',
+				'limit' => $limit,
+				'offset' => $offset
+			),
+			array($search . '%', $this->backend)
 		);
-		$result = $query->execute(array($search . '%', $this->backend));
 		$users = array();
 		while ($row = $result->fetchRow()) {
 			$users[] = $row['uid'];
@@ -115,21 +127,21 @@ abstract class Base extends \OC_User_Backend{
 	/**
 	 * Change the display name of a user
 	 *
-	 * @param string $uid		 The username
+	 * @param string $uid         The username
 	 * @param string $displayName The new display name
 	 *
 	 * @return true/false
 	 */
 	public function setDisplayName($uid, $displayName) {
-		if ($this->userExists($uid)) {
-			$query = OC_DB::prepare(
-				'UPDATE `*PREFIX*users_external` SET `displayname` = ? WHERE LOWER(`uid`) = ? AND `backend` = ?'
-			);
-			$query->execute(array($displayName, $uid, $this->backend));
-			return true;
-		} else {
+		if (!$this->userExists($uid)) {
 			return false;
 		}
+		OC_DB::executeAudited(
+			'UPDATE `*PREFIX*users_external` SET `displayname` = ?'
+			. ' WHERE LOWER(`uid`) = ? AND `backend` = ?',
+			array($displayName, $uid, $this->backend)
+		);
+		return true;
 	}
 
 	/**
@@ -142,8 +154,11 @@ abstract class Base extends \OC_User_Backend{
 	protected function storeUser($uid)
 	{
 		if (!$this->userExists($uid)) {
-			$query = OC_DB::prepare('INSERT INTO `*PREFIX*users_external` ( `uid`, `backend` ) VALUES( ?, ? )');
-			$result = $query->execute(array($uid, $this->backend));
+			OC_DB::executeAudited(
+				'INSERT INTO `*PREFIX*users_external` ( `uid`, `backend` )'
+				. ' VALUES( ?, ? )',
+				array($uid, $this->backend)
+			);
 		}
 	}
 
@@ -155,14 +170,11 @@ abstract class Base extends \OC_User_Backend{
 	 * @return boolean
 	 */
 	public function userExists($uid) {
-		$query = OC_DB::prepare(
-			'SELECT COUNT(*) FROM `*PREFIX*users_external` WHERE LOWER(`uid`) = LOWER(?) AND `backend` = ?'
+		$result = OC_DB::executeAudited(
+			'SELECT COUNT(*) FROM `*PREFIX*users_external`'
+			. ' WHERE LOWER(`uid`) = LOWER(?) AND `backend` = ?',
+			array($uid, $this->backend)
 		);
-		$result = $query->execute(array($uid, $this->backend));
-		if (OC_DB::isError($result)) {
-			OC_Log::write('user_external', OC_DB::getErrorMessage($result), OC_Log::ERROR);
-			return false;
-		}
 		return $result->fetchOne() > 0;
 	}
 }